Another worrying macOS malware scheme has been discovered - here's how to stay safe
Date:
Mon, 30 Mar 2026 16:05:00 +0000
Description:
Malwarebytes discovers Infiniti Stealer - a new piece of malware targeting macOS devices.
FULL STORY ======================================================================
- Malwarebytes uncovers Infiniti Stealer targeting macOS via ClickFix social engineering
- Victims tricked into running malicious Terminal code, bypassing traditional defenses
- Stealer compiled with Nuitka, exfiltrates browser credentials, Keychain data, wallets, and screenshots

macOS devices are being increasingly targeted with malware, as security researchers discover yet another infostealer variant in the wild.
Malwarebytes published an in-depth report on a piece of malware called Infiniti Stealer, which was apparently compiled in a rather unusual fashion. Infiniti Stealer is apparently distributed via a ClickFix social engineering attack. A ClickFix attack tricks the victim by presenting a problem and, at the same time, offering a solution. In this case, Malwarebytes says the victims are being redirected to update-check[.]com (most likely through phishing emails claiming certain software needs updating in order to work properly) where they are shown a benign-looking CAPTCHA.

Compiled with Nuitka

Besides the usual "I am not a robot" checkbox, the CAPTCHA has an additional step (which should also serve as a major red flag): to open Spotlight (the built-in search tool), run Terminal, and paste the given code. This code runs a dropper which, in turn, delivers Infiniti Stealer.
"Because the user runs the command directly, many traditional defenses are bypassed," Malwarebytes explained. "There's no exploit, no malicious attachment, and no drive-by download."
What makes this malware stand out is the fact that it is written in Python, but compiled with Nuitka, a compiler that converts Python code into
standalone executables or optimized binaries.
The resulting product is a native macOS binary which, according to the researchers, makes it harder to analyze and detect compared to your typical off-the-shelf Python-based malware.
"To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer," Malwarebytes said.
An infostealer is a malware variant designed to exfiltrate sensitive data from target devices. Usually delivered through social engineering, infostealers get installed through droppers, and try to upload various types of information to an attacker-controlled server, including browser data (cookies, stored passwords, cryptocurrency wallet plugins, etc.), passwords, sensitive files (.docx, .txt, .pdf, and other formats), and other files deemed of value.
Depending on the type of malware, these can try to upload more or less data, and come with different obfuscation and persistence mechanisms.

How to stay safe from phishing and infostealers

Infiniti is capable of stealing a wide range of sensitive data. Primarily, it hunts for credentials from Chromium-based browsers, as well as Firefox. It can exfiltrate macOS Keychain entries, cryptocurrency wallets, and plaintext secrets in developer files such as .env. Finally, it will also exfiltrate screenshots captured during execution.
Social engineering is a popular scam tactic, and phishing emails continue to be the biggest attack vector out there. To avoid falling prey to these campaigns, exercise caution and a high level of skepticism towards any and all incoming communications, be it email, instant messaging, or phone. Double-check all links being shared in the email, and hunt for typos, letters replaced by numbers, and otherwise suspicious variations of known domains. (For example, "microsoft" is often spelled with an "rn" instead of "m" in phishing emails - "rnicrosoft" - making it almost indistinguishable.)
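
The look-alike check described above (typos, digits standing in for letters, "rn" for "m"), as an added Python example that is not part of the original article. The allowlist, the confusable table and the naive two-label domain split are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the reader actually expects mail from (assumption).
KNOWN = {"microsoft.com", "apple.com", "malwarebytes.com"}
# Look-alike substitutions: "rn" read as "m", and digits standing in for letters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def registrable(url):
    """Last two labels of the host; a naive stand-in for a public-suffix lookup."""
    url = url.replace("[.]", ".")  # accept defanged links as written in reports
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, matched_known_domain) for a link found in a message."""
    dom = registrable(url)
    if dom in KNOWN:
        return ("known", dom)
    for good in sorted(KNOWN):
        if skeleton(dom) == skeleton(good):
            return ("lookalike", good)
    for good in sorted(KNOWN):
        if edit_distance(dom, good) == 1:
            return ("typo", good)
    return ("unlisted", None)

if __name__ == "__main__":
    for link in ["https://login.rnicrosoft.com/session", "http://micr0soft.com",
                 "https://appple.com", "https://www.apple.com/mac", "update-check[.]com"]:
        print(link, classify(link))
```

The domain named in the report, update-check[.]com, comes back as "unlisted" rather than "lookalike": it imitates no brand, so a check like this complements, and does not replace, refusing to paste commands into Terminal.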
Be careful when downloading attachments (especially when receiving an unexpected message) and make sure you're running phishing-proof multi-factor authentication.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/another-worrying-macos-malware-scheme-has-been-discovered-heres-how-to-stay-safe
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)